You may think that your company has a strong compliance program to prevent any form of financial fraud, financial statement fraud, violations of the Foreign Corrupt Practice Act and asset misappropriation. There are checks and balances that need to be in order and for that you’ll have the executives, the board of directors, internal auditors and lawyers keeping an eye on operations.
Yet, the unimaginable happens. There are reports of a major fraud transaction internally and the entire scheme may have involved various members of the upper and middle management. The information was disclosed by an employee’s whisper, which is basically an internal hotline and it has enough substance to actually be believed.
So, what should the beneficiary of the tip do? Well, first they need to realize that their compliance program has failed. Apart from a company’s rigorous efforts, a risk in the program may exist. So, there’s no time for mourning over what may have gone wrong, what matters now is what the company needs to do next. Here’s what the company should do:
The first step the company needs to take is to report the suspicious activity in order to determine whether it’s credible or not. Does the allegation have sufficient evidence to be believable? Does the activity shed light on the company’s activities and employees? So, the more specific the allegation, the more plausible the whistle blowers repot will be.
Companies that immediately begin their investigation of such activities are really favored by the Securities and Exchange Commission, since they appear as being more credible and prepared. After the whistle has been blown the upper management needs to examine the allegations before the SEC becomes officially involved, because if the SEC finds issues in the compliance program, it will be then regarded as an attempt to mislead the regulatory body.
Such cases demonstrated that the whistle blowers allegations need to be taken seriously, even if the management has considerable knowledge that the accusations are false.
If you decide to use outside investigators, make sure you use the outside counsel as well to direct work and obtain results. If the outside council directs the investigators, the reports of the investigation can be protected according to attorney-client privilege. The company needs to have this extra layer of defense, but until there’s clear evidence about the accusations it’s always better to stay internal to protect the work product.
This protection is highly crucial especially, if the company is being targeted by government investigators. Even if the management believes that there’s “nothing to hide”, it is always a good idea to protect the results of the investigation, if the government gets involved.
Even if the accusations turn out to be false it’s always better to focus on the process where it’s been negligent. By showing that the company is focusing on amending the situation the regulatory body may look more favorable towards it.